SQL Injection Vulnerability in Jquery Accordion Slideshow Plugin for WordPress
CVE-2023-5464

6.5MEDIUM

Key Information:

Vendor: Wordpress
Status: Jquery accordion slideshow
Vendor: CVE Published:; 31 October 2023

Summary

The Jquery Accordion Slideshow Plugin for WordPress is susceptible to SQL Injection due to inadequate escaping of user-supplied parameters within its shortcode. This flaw allows authenticated attackers with subscriber-level access or higher to inject additional SQL queries into existing ones, potentially exposing sensitive database information. The vulnerability affects all versions prior to and including 8.1.

Affected Version(s)

Jquery accordion slideshow * <= 8.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/jquery-accordi...

https://plugins.trac.wordpress.org/changeset/2985511/jque...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 31, 2023
Vulnerability Reserved
Oct 9, 2023

Credit

Lana Codes